Talk to a Security Expert Now: (800) 721-9177

Finding the Needle in the NBEstack

I’m a huge fan of the Nessus vulnerability scanner.  It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks).  While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network.  A quick way I like to strip out interesting information is grepping through the output files for certain Nessus ID’s.  Here is a quick list of interesting plug-ins:

  • 16314 – Lists suspicious and unwanted software.
  • 36217 – Detection of the Conficker worm.
  • 23938 – Locates Cisco routers with missing / default passwords.
  • 38153 – A nice summary of missing Microsoft patches.
  • 11936 – Identification details about the machines OS.
  • 10673 – Locates SQL servers with default / blank SA accounts.
  • 10396 – Details about SMB shares.
  • 23910 – Locates modified HOSTS files – can be an indication of a virus or malware.

To search for these, I usually do a quick grep nessus-id *.nbe and then use cut with custom delimiters to filter out the IP addresses and other pertinent information.

Related Posts

OWASP Live CD

I need to express my love for OWASP's Live CD (aka OWASP Web Testing Environment). …

DoS-ing over Dial-Up

DoS, or Denial of Service attacks, are nothing new.  The main idea behind a DoS…

Installing Metasploit 4 in Ubuntu 11.04

Install the latest version of the Metasploit 4 Framework (MSF4) on Ubuntu 11.04 Natty Narwhal using the following commands. This downloads and installs the generic Linux binary which comes bundled with all the necessary components you need for Metasploit to install and run. This should work for most users and is the easiest way to get Metasploit Framework running under Ubuntu and other Debian based Linux distros quickly.
This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top